Take the Privilege Access Management (PAM) Maturity Assessment to see where you place in the PAM Maturity Model

The Thycotic Privileged Access Management Maturity Model presents a roadmap for your PAM journey. It defines four phases of PAM maturity organizations typically progress through as they evolve from laggards to leaders.

The model is based on security industry best practices and our work with 10,000 customers of all types, ranging from organizations beginning to experiment with PAM to the most experienced and advanced PAM users.

You can apply lessons from the PAM Maturity Model based on your own risk drivers, budget, and priorities.

Privileged Access Management Maturity Model

Analog

Paper-based password & credential tracking

Default password use

No password rotation

No or minimal password complexity requirements

Basic

Automated privileged account discovery

Password vaulting

Non-default password use

Multi-factor authentication

Advanced

Password hiding/obfuscation

Privileged session proxying

Dual control & 4-eyes protocols

Session monitoring

Immutable privileged activity and auditing

Endpoint Least Privilege & application control

Adaptive Intelligent

Automated anomaly detection & remediation

Automated privileged account lifecycle management

DevOps workflow privileged account management

PAM Maturity Phase 1:

Analog

Organizations in the Analog phase of PAM maturity have a high degree of risk. They secure their privileged accounts in a limited way, if at all. They typically set up privileges manually and may keep track of them via spreadsheets. As a result, they often provide excess privileges to people who don’t need them, share privileges among multiple administrators, and neglect to remove privileges when users leave the organization or change roles.

PAM Maturity Phase 2:

Basic

When organizations progress from the Analog stage to the Basic stage of PAM maturity, they adopt PAM security software and begin to automate time-consuming, manual processes. Many start with a password vault to store privileges and some choose password management tools more appropriate for consumers than enterprises.

PAM Maturity Phase 3:

Advanced

As organizations move from a reactive to a proactive privilege security strategy they enter the Advanced phase of PAM maturity and PAM becomes a top priority within their cyber security strategy. Organizations at this level are committed to continuous improvement of their privileged security practices.

PAM Maturity Phase 4:

Adaptive Intelligent

As organizations ascend to the ultimate stage of PAM maturity they take the concept of continuous improvement to a higher level, often relying on artificial intelligence and machine learning to collect information and adapt system rules. They fully and automatically manage the entire lifecycle of a privileged account, from provisioning to rotation to deprovisioning and reporting.

Download the PAM Maturity Model Whitepaper

Within the four phases there are gradations of PAM maturity which impact cyber risk, business productivity, and cost of compliance. In addition to security activities, the model also reflects the frequency and scale at which organizations conduct those activities.